Rust Client Experimental v1272 x86-Kortal 1- Unrar 2- Edit LumaEmu.ini to change user name. 3- Run RustClient_Launcher.exe 4- To connect to our server, press F1 and use the command: KnightStable Server: client.connect knightstable.hopto.org:28015 Kortal Server: client.connect rust.kortal.org:28015 5- Plugins are on, use /help when connected on the server.
A Rust based DNS client, server, and Resolver, built to be safe and secure from theground up.
This repo consists of multiple crates:
Library | Description |
---|---|
Proto | Raw DNS library, exposes an unstable API and only for use by the other Trust-DNS libraries, not intended for end-user use. |
Client | Used for sending query , update , and notify messages directly to a DNS server. |
Server | Use to host DNS records, this also has a named binary for running in a daemon form. |
Resolver | Utilizes the client library to perform DNS resolution. Can be used in place of the standard OS resolution facilities. |
Rustls | Implementation of DNS over TLS protocol using the rustls and ring libraries. |
NativeTls | Implementation of DNS over TLS protocol using the Host OS' provided default TLS libraries |
OpenSsl | Implementation of DNS over TLS protocol using OpenSSL |
- Build a safe and secure DNS server and client with modern features.
- No panics, all code is guarded
- Use only safe Rust, and avoid all panics with proper Error handling
- Use only stable Rust
- Protect against DDOS attacks (to a degree)
- Support options for Global Load Balancing functions
- Make it dead simple to operate
Client
Using the ClientFuture is safe. ClientFuture is a brand new rewrite of the oldClient. It has all the same features as the old Client, but is written with thewonderful futures-rs library. Please send feedback! It currently does not cacheresponses, if this is a feature you'd like earlier rather than later, post arequest. The validation of DNSSec is complete including NSEC. As of now NSEC3is broken, and I may never plan to support it. I have some alternative ideasfor private data in the zone. The old Client has been deprecated, so pleaseuse the ClientFuture. If this is an inconvenience, I may add a conveniencewrapper around ClientFuture that would match the old Client; if this is somethingyou would like to see, please file an issue.
Yep it has disappeared again on linux too, just like the old days. My understanding was that rust releases would be blocked on rls now, so this shouldn't happen. Steam Database record for depot Rust Client - Windows 64 (DepotID or AppID: 252495).
Unique client side implementations
These are standards supported by the DNS protocol. The client implements themas high level interfaces, which is a bit more rare.
Feature | Description |
---|---|
SecureSyncClient | DNSSec validation |
create | atomic create of a record, with authenticated request |
append | verify existence of a record and append to it |
compare_and_swap | atomic (depends on server) compare and swap |
delete_by_rdata | delete a specific record |
delete_rrset | delete an entire record set |
delete_all | delete all records sets with a given name |
notify | notify server that it should reload a zone |
DNS over TLS on the Client
DNS over TLS is supported. This is accomplished through the use of
rust-native-tls
. To use DNS over TLS with the Client
, the TlsClientConnection
should be used. See the TlsClientConnectionBuilder::add_ca()
method. Similarly, to use the tokio ClientFuture
the TlsClientStream
should be used. ClientAuth, mTLS, is currently not supported, there are some issues still being worked on. TLS is supported for Server validation and connection privacy.Server
The server code is complete, the daemon supports IPv4 and IPv6, UDP and TCP.There currently is no way to limit TCP and AXFR operations, so it is still notrecommended to put into production as TCP can be used to DOS the service.Master file parsing is complete and supported. There is currently no forkingoption, and the server is not yet threaded (although it is implemented withasync IO, so threading may not be a huge benefit). There is still a lot of workto do before a server can be trusted with this externally. Running it behind afirewall on a private network would be safe.
Zone signing support is complete, to insert a key store a pem encoded rsa filein the same directory as the initial zone file with the
.key
suffix. Note:this must be only readable by the current user. If one is not present one willbe created and written to the correct location. This also acts as the initialkey for dynamic update SIG(0) validation. To get the public key, the DNSKEY
record for the zone can be queried. This is needed to provide to otherupstream servers to create the DS
key. Dynamic DNS is also complete,if enabled, a journal file will be stored next to the zone file with thejrnl
suffix. Note: if the key is changed or updated, it is currently theoperators responsibility to remove the only public key from the zone, thisallows for the DNSKEY
to exist for some unspecified period of time duringkey rotation. Rotating the key currently is not available online and requiresa restart of the server process.DNS over TLS on the Server
Support of TLS on the Server is managed through a pkcs12 der file. The documentation is captured in the example test config file, example.toml. A registered certificate to the server can be pinned to the Client with the
add_ca()
method. Alternatively, as the client uses the rust-native-tls library, it should work with certificate signed by any standard CA.DNSSec status
Currently the root key is hardcoded into the system. This gives validation ofDNSKEY and DS records back to the root. NSEC is implemented, but not NSEC3.Because caching is not yet enabled, it has been noticed that some DNS serversappear to rate limit the connections, validating RRSIG records back to the rootcan require a significant number of additional queries for those records.
Zones will be automatically resigned on any record updates via dynamic DNS.
RFCs implemented
Basic operations
- RFC 1035: Base DNS spec (see the Resolver for caching)
- RFC 2308: Negative Caching of DNS Queries (see the Resolver)
- RFC 2782: Service location
- RFC 3596: IPv6
- RFC 6891: Extension Mechanisms for DNS
- RFC 6761: Special-Use Domain Names (resolver)
- RFC 6762: mDNS Multicast DNS (experimental feature:
mdns
) - RFC 6763: DNS-SD Service Discovery (experimental feature:
mdns
) - RFC ANAME: Address-specific DNS aliases (
ANAME
)
Update operations
- RFC 2136: Dynamic Update
Secure DNS operations
- RFC 3007: Secure Dynamic Update
- RFC 4034: DNSSEC Resource Records
- RFC 4035: Protocol Modifications for DNSSEC
- RFC 4509: SHA-256 in DNSSEC Delegation Signer
- RFC 5702: SHA-2 Algorithms with RSA in DNSKEY and RRSIG for DNSSEC
- RFC 6844: DNS Certification Authority Authorization (CAA) Resource Record
- RFC 6698: The DNS-Based Authentication of Named Entities (DANE) Transport Layer Security (TLS) Protocol: TLSA
- RFC 6840: Clarifications and Implementation Notes for DNSSEC
- RFC 6844: DNS Certification Authority Authorization Resource Record
- RFC 6944: DNSKEY Algorithm Implementation Status
- RFC 6975: Signaling Cryptographic Algorithm Understanding
- RFC 7858: DNS over TLS (feature:
dns-over-rustls
,dns-over-native-tls
, ordns-over-openssl
) - RFC DoH: DNS over HTTPS, DoH (feature:
dns-over-https-rustls
)
RFCs in progress or not yet implemented
Basic operations
- RFC 2317: Classless IN-ADDR.ARPA delegation
How To Manually Update Rust
Update operations
- RFC 1995: Incremental Zone Transfer
- RFC 1996: Notify secondaries of update
- Update Leases: Dynamic DNS Update Leases
- Long-Lived Queries: Notify with bells
Secure DNS operations
- RFC 5155: DNSSEC Hashed Authenticated Denial of Existence
- DNSCrypt: Trusted DNS queries
- S/MIME: Domain Names For S/MIME
This assumes that you have Rust stable installed. Thesepresume that the trust-dns repos have already been synced to the local system:
Prerequisites
- openssl development libraries (optional in client and resolver, min version 1.0.2)
Mac OS X: using homebrew
Debian-based (includes Ubuntu & Raspbian): using apt-get
Testing
- Unit testsThese are good for running on local systems. They will create sockets forlocal tests, but will not attempt to access remote systems. Tests can alsobe run from the crate directory, i.e.
client
orserver
andcargo test
- Functional/Integration testsThese will try to use some local system tools for compatibility testing,and also make some remote requests to verify compatibility with other DNSsystems. These can not currently be run on Travis for example. P client for google drive mac.
![Rust Rust](/uploads/1/3/3/2/133280541/205526676.png)
- BenchmarksWaiting on benchmarks to stabilize in mainline Rust.
Building
- Production build, from the
trust-dns
base dir
Running
Warning: Trust-DNS is still under development, running in production is notrecommended. The server is currently only single-threaded, it is non-blockingso this should allow it to work with most internal loads.
- Verify the version
- Get help
- Launch
named
server with test config
- Query the just launched server with
dig
Using as a dependency and custom features
The Client has a few features which can be disabled for different reasons when embedding in other software.
dnssec-openssl
It is a default feature, so default-features will need to be set to false (this will disable all other default features in trust-dns). Until there are other crypto libraries supported, this will also disable DNSSec validation. The functions will still exist, but will always return errors on validation. The below example line will disable all default features and enable OpenSSL, remove'openssl'
to remove the dependency on OpenSSL.dnssec-ring
Ring support can be used for RSA and ED25519 DNSSec validation.dns-over-native-tls
Usesnative-tls
for DNS-over-TLS implementation, only supported in client and resolver, not server.dns-over-openssl
Usesopenssl
for DNS-over-TLS implementation supported in server and client, resolver does not have default CA chains.dns-over-rustls
Usesrustls
for DNS-over-TLS implementation, only supported in client and resolver, not server. This is the best option where a pure Rust toolchain is desired.mdns
EXPERIMENTALEnables the experimental mDNS features as well as DNS-SD.
Using custom features in dependencies:
Using custom features during build:
FAQ
- Why are you building another DNS server?Because of all the security advisories out there for BIND.Using Rust semantics it should be possible to develop a high performance andsafe DNS Server that is more resilient to attacks.
Community
For live discussions beyond this repository, please see this Discord.
License
Licensed under either of
- Apache License, Version 2.0, (LICENSE-APACHE or http://www.apache.org/licenses/LICENSE-2.0)
- MIT license (LICENSE-MIT or http://opensource.org/licenses/MIT)
at your option.
Contribution
Unless you explicitly state otherwise, any contribution intentionallysubmitted for inclusion in the work by you, as defined in the Apache-2.0license, shall be dual licensed as above, without any additional terms orconditions.
The following installation instructions will only supply the experimental (public) branch's server files since legacy got removed December 2016. (8 December 2016)
- 1Dedicated server
- 1.2Configuration & running
- 2Linux Scripts Resources
- 2.1LinuxGSM Rust Server
- 3Windows Resources
Dedicated server
Installation
- Install SteamCMD
- Start SteamCMD
- Log in with a Steam account or anonymously:
login anonymous or username
- Select install folder:
force_install_dir PATH:SteamCMDrust_server
- Run:
app_update 258550 validate
to download the public branch of rust dedicated server
- Log in with a Steam account or anonymously:
Configuration & running
You can run the Rust DS with
./RustDedicated -batchmode
(Linux) or rust_server.exe -batchmode
(Windows). Command line parameters
The startup command can be appended with the following startup parameters:
parameter | default | description |
---|---|---|
+server.ip | 0.0.0.0 | Sets the Server IP. Leave it to 0.0.0.0 unless you have multiple IPs. |
+server.port | 28015 | Sets the port the server will use. (default 28015 UDP) |
+rcon.ip | 0.0.0.0 | Sets the RCON IP. |
+rcon.port | 28016 | Port to listen to for RCON. |
+rcon.web | 0 | If set to true, use websocket rcon. If set to false use legacy, source engine rcon. |
+server.tickrate | 10 | Server refresh rate - Not recommended to go above 30. |
+server.hostname | 'Your Server Name' | The displayed name of your server. |
+server.identity | 'my_server_identity' | Changes path to your server data rust/server/my_server_identity. Useful for running multiple instances. |
+server.maxplayers | 50 | Maximum amount of players allowed to connect to your server at a time. |
+server.worldsize | 3000 | Defines the size of the map generated (min 1000, max 6000) |
+server.seed | 50000 | Is the map generation seed. |
+server.saveinterval | 600 | Time in seconds for server save. |
+rcon.password | 'YourPassword' | Sets the RCON password |
-logfile | gamelog.txt | If you're using a script, you'd better put the current date as a filename, otherwise, it'll be erased on every start. |
-silent-crashes | - | Won't display a crash dialog and will restart automatically if server is installed as service. |
For example:
RCON
To use RCON (Remote console) you can either type directly in the CMD, or join the server and press F1 to open the console. (requires authlevel 1 or 2)
![Heroes Heroes](/uploads/1/3/3/2/133280541/683530235.png)
To add yourself as admin (authlevel 2) type '
ownerid YourSteamId64
' in the Command Prompt and re-join the server, or add it to the users.cfg located in ./server/serveridentity/cfg.Otherwise, you can use RustAdmin, a nice remote RCON client (recommended).
When the server is up and running, you can issue the commands from the Server Commands list below.
Server Commands
Here is a RAW list of available commands. You can put them either in your server.cfg (then reboot the server), or input them using RCON.
If you want the values to be permanent then save it using the command
server.writecfg
Last update: 31 August 2017
> Commands
Ban list
Banned users will be stored in
cfg/bans.cfg
.Linux Scripts Resources
LinuxGSM Rust Server
Linux Game Server Managers
LinuxGSM is the command line tool for quick, simple deployment and management of dedicated game server, using SteamCMD.
Features
- Backup
- Console
- Details
- Installer (SteamCMD)
- Monitor
- Alerts (Email, Pushbullet)
- Update (SteamCMD)
- Start/Stop/Restart server
Supported Servers
There are now 70+ different game servers supported and rising. For a full list visit the website.
Links
Website: https://linuxgsm.com/lgsm/rustserver/
GitHub Repo: https://github.com/GameServerManagers/LinuxGSM
Windows Resources
Rust Server Manager [PAID]
Rust Server Manager is a premium tool to help you create and manage your dedicated Rust Servers. It provides you with all the tools that you need to set up and manage your rust server.
Features Best torrent app for mac.
- Graphical Config Editor with more server options.
- Server Installer (Multi Branch support).
- Server Updater (Update your server manually or automatically).
- Server Verify (Verify your server files if you think something is missing).
- Wipe Manager (Wipe your server along with the chosen data to wipe).
- uMod / Oxide support.
- Full uMod / Oxide Control (Config editor, plugin editor, plugin config editor).
- Plugin Updater.
- Joining List - Get and manage a list of player joining your server.
- Queued List - Get and manage players in queue to join your server.
- Player Manager - Manage online and offline players
- The list of features are too long to add here but there is a (probably outdated) list on the website: https://rustservermanager.com/
How To Update Client For Heroes Of Newerth
Compatible With:
- Windows 10, 8.1, 8 and 7.
- Windows Server 2016, 2012 and 2008. (2008 untested)
How To Update Rust Server
Buy Here: https://rustservermanager.com/
Other
Facepunch's online rcon client
Retrieved from 'https://developer.valvesoftware.com/w/index.php?title=Rust_Dedicated_Server&oldid=226998'